Data Domain: Active Directory authentication stops working when upgrading to DDOS 5.7 or higher if the Global Catalog is unreachable
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Symptômes
Upon upgrading the DDOS to version 5.7 or higher, Active Directory authentication stops working if the Global Catalog is unreachable.
This issue causes login, CIFS share access and CIFS backup failures if an Active Directory user is used for these tasks.
Cause
This is due to a change in DDOS from version 5.7 and higher which requires a Global Catalog query at each authentication.
From the DDOS CLI, as an admin user, run the following command to check connectivity to the domain, including the GC:
If the Global Catalog is unreachable, the above output will contain the following line:
From the DDOS CLI, as an admin user, run the following command to check connectivity to the domain, including the GC:
# cifs troubleshooting domaininfo
If the Global Catalog is unreachable, the above output will contain the following line:
[0x0020 - GC offline]
Résolution
- The DataDomain will attempt to reach the Global Catalog on TCP port 3268. Make sure that there is no firewall rule to block this port.
- Additionally, from DDOS 5.7.4.0 and DDOS 6.0.1, a new option to avoid global catalog queries during user authentication has been added to DDOS:
- The new option is named global-catalog-query-disable. The default value for the option will be 0 or false. It can be set to 1 or true to skip the ldap query to the global catalog to fetch Universal groups info.
For example, the following command:
Check that the option is indeed set:
#cifs option set global-catalog-query-disable true
This will disable GC queries.
To apply the changes, restart the CIFS service: #cifs restart force
Check that the option is indeed set:
#cifs option show Currently Set Options: Option Value -------------------------------- ------- global-catalog-query-disable 1 -------------------------------- -------
If the issue persists, please contact EMC Dell support.
Produits concernés
Data DomainProduits
Data DomainPropriétés de l’article
Numéro d’article: 000064171
Type d’article: Solution
Dernière modification: 13 juin 2025
Version: 3
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.